Data Breaches

← Breach overview
Odido logo

Odido

odido.nl
📱CommunicationTele2BenSimpel

Odido is a telecommunications company operating in the Netherlands. It provides mobile and internet services to consumers and businesses.

Key Takeaways

  • Personal data for 6.1 million people, including names, addresses, phone numbers, bank account numbers, dates of birth, customer service comments, and government IDs, was exposed in a data breach that occurred on February 12, 2026.
  • This incident is part of a pattern of large-scale data breaches affecting telecommunications companies.
  • Affected individuals should be vigilant about phishing attempts and potential identity theft due to the exposed personal and financial information.

Breach Overview

On February 12, 2026, Dutch telecommunications provider Odido experienced a data breach affecting 6.1 million customers. The exposed data includes a wide range of personal information such as names, physical addresses, phone numbers, email addresses, bank account numbers, dates of birth, genders, and customer service comments. Additionally, sensitive identification documents like driver's licenses, passport numbers, and government-issued ID numbers were exposed. The company has publicly acknowledged the incident and provided an FAQ for affected customers.

The breach also reportedly included data from individuals who were no longer Odido customers, indicating that the company may have retained personal data for an extended period. This incident exposed a significant amount of personally identifiable information, raising concerns about potential identity theft and targeted scams.

Exposed Data

Bank account numbersCustomer service commentsDates of birthDriver's licensesEmail addressesGendersGovernment issued IDsNamesPassport numbersPhone numbersPhysical addresses

Timeline & Cause

The data breach at Odido occurred on February 12, 2026, and was publicly disclosed on February 26, 2026. The incident involved attackers accessing a customer contact system used for communications, rather than the core telecom service operations. The attackers, identified as ShinyHunters, reportedly attempted to extort Odido before releasing the stolen customer data online in several batches, beginning on March 1, 2026.

Next Steps

If you are an Odido customer, you should be extremely cautious about any unsolicited communications, especially those asking for personal information or directing you to click on links. Odido has warned of new phishing emails that appear to be from them, asking users to install app updates via external links; do not click on these links, download anything, or reply, and delete such emails immediately. Odido states they will never ask you to install updates this way. Given the exposure of bank account numbers and government IDs, monitor your financial statements and credit reports for any suspicious activity. While Odido does not believe changing your bank account number is necessary due to this breach, remaining vigilant is crucial. Consider implementing multi-factor authentication on all your online accounts where available to add an extra layer of security.

Take Action

Generate a GDPR request

Build a ready-to-send access or deletion request.

Download Paperweight

Scan your inbox to find other accounts linked to exposed data.